Re: [jose] Header criticality -- hidden consensus?
"Vladimir Dzhuvinov / NimbusDS" <vladimir@nimbusds.com> Sat, 09 February 2013 06:35 UTC
Return-Path: <vladimir@nimbusds.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1E1B21F8C8D for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 22:35:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8EkHQlL4-PAE for <jose@ietfa.amsl.com>; Fri, 8 Feb 2013 22:35:14 -0800 (PST)
Received: from n1plwbeout07-01.prod.ams1.secureserver.net (n1plsmtp07-01-02.prod.ams1.secureserver.net [188.121.52.106]) by ietfa.amsl.com (Postfix) with SMTP id 8B7CC21F8C7C for <jose@ietf.org>; Fri, 8 Feb 2013 22:35:12 -0800 (PST)
Received: (qmail 14803 invoked from network); 9 Feb 2013 06:35:12 -0000
Received: from unknown (HELO localhost) (188.121.52.245) by n1plwbeout07-01.prod.ams1.secureserver.net with SMTP; 9 Feb 2013 06:35:02 -0000
Received: (qmail 3826 invoked by uid 99); 9 Feb 2013 06:35:02 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
X-Originating-IP: 95.43.38.76
User-Agent: Workspace Webmail 5.6.32
Message-Id: <20130208233501.cc40c4f3d92d2001859047cd8cabb9ab.f4a7008ad7.wbe@email07.europe.secureserver.net>
From: Vladimir Dzhuvinov / NimbusDS <vladimir@nimbusds.com>
To: Richard Barnes <rlb@ipv.sx>, "jose@ietf.org" <jose@ietf.org>
Date: Fri, 08 Feb 2013 23:35:01 -0700
Mime-Version: 1.0
Subject: Re: [jose] Header criticality -- hidden consensus?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Feb 2013 06:35:14 -0000
Hi Richard, I understand your concern. With some bit of interface engineering we managed to have this requirement covered at library level, by allowing client apps to specify additional accepted parameters. If the JOSE library encounters a header with an unexpected name, it will mark the message as bad on the spot, so it won't be passed on to the app code at all. You can take a look at the interface Javadocs here: http://nimbusds.com/files/jose-jwt/javadoc/com/nimbusds/jose/HeaderFilter.html And the actual code at the Git repo: https://bitbucket.org/nimbusds/nimbus-jose-jwt/src/bef49c225aae194b6c40a376aee36b9af37a5da6/src/main/java/com/nimbusds/jose/HeaderFilter.java?at=master What's more, this interface allows even certain standard headers from the JWS/JWE spec to not be denied (say if the client app doesn't want to accept X509 cert URLs, etc). I hope this helps, Vladimir -- Vladimir Dzhuvinov : www.NimbusDS.com : vladimir@nimbusds.com -------- Original Message -------- Subject: [jose] Header criticality -- hidden consensus? From: Richard Barnes <rlb@ipv.sx> Date: Fri, February 08, 2013 11:11 pm To: "jose@ietf.org" <jose@ietf.org> We're 24 votes into the header criticality poll, so I thought I would go ahead and take a look at how the results are shaping up. My initial tabulation is below. The result on the FIRST POLL (the main one) is as follows: No: 10 Yes: 14 What I find striking, however, is that every single person that voted "Yes" on the FIRST POLL also voted "Yes" on the SECOND POLL. So nobody who thinks that all headers should be critical thinks that a JOSE library should actually be required to enforce this constraint. And that means that enforcing that all headers are supported cannot be a MUST according to RFC 2119. So I wonder if there's consensus to remove the following text from JWE and JWS: -----BEGIN-JWE----- 4. The resulting JWE Header MUST be validated to only include parameters and values whose syntax and semantics are both understood and supported. -----END-JWE----- -----BEGIN-JWS----- 4. The resulting JWS Header MUST be validated to only include parameters and values whose syntax and semantics are both understood and supported. -----END-JWS----- Otherewise, a JOSE library conforming to these specifications would be REQUIRED (a synonym to MUST in 2119) to reject a JWE/JWS that contains an unknown header, contradicting all those "Yes" votes on the SECOND POLL. --Richard -----BEGIN-Tabulation----- 1 2 3 Name: N - - Bradley N - - Ito N N A Yee N N B Barnes N N B Rescorla N N C Manger N N C Octman N Y A Fletcher N Y A Miller N Y A Sakimura Y Y - D'Agostino Y Y A Biering Y Y A Brault Y Y A Hedberg Y Y A Jay Y Y A Jones Y Y A Marais Y Y A Nadalin Y Y A Nara Y Y A Nennker Y Y A Solberg Y Y B Hardt Y Y B Medeiros Y Y C Matake Y Y C Mishra -----END-Tabulation----- _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose
- [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Brian Campbell
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Brian Campbell
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Richard Barnes
- Re: [jose] Header criticality -- hidden consensus? Mike Jones
- Re: [jose] Header criticality -- hidden consensus? Vladimir Dzhuvinov / NimbusDS
- Re: [jose] Header criticality -- hidden consensus? Hannes Tschofenig
- Re: [jose] Header criticality -- hidden consensus? Manger, James H
- Re: [jose] Header criticality -- hidden consensus? Vladimir Dzhuvinov / NimbusDS